Cryptographers Find Fault With Palladium 345
FrzrBrn writes "Whitfield Diffie and Ronald Rivest raised concerns about Microsoft's Next-Generation Secure Computing Base (formerly Palladium) at the RSA Conference in San Francisco on Monday. They are (naturally) concerned about vendor lock-in and having computers turned against their owners. See the story at EE Times."
Sidenote about RSA (Score:5, Informative)
This sums it up (Score:5, Informative)
Does anyone think Microsoft would have it any other way?
info on dr. Diffie e.g. karma whoring at its best (Score:2, Informative)
For a dozen years prior to assuming his present position in 1991, Diffie was Manager of Secure Systems Research for Northern Telecom, functioning as the center of expertise in advanced security technologies throughout the corporation. Among his achievements in this position was the design of the key management architecture for NT's PDSO security system for X.25 packet networks.
Diffie received a Bachelor of Science degree in mathematics from the Massachusetts Institute of Technology in 1965. Prior to becoming interested in cryptography, he worked on the development of the Mathlab symbolic manipulation system --- sponsored jointly at Mitre and the MIT Artificial Intelligence Laboratory --- and later on proof of correctness of computer programs at Stanford University.
Since 1993, Diffie has worked largely in public policy, in the area of cryptography. He has testified twice to the House and twice to the Senate. His position --- in opposition to limitations on the business and personal use of cryptography --- has been the subject of articles in the New York Times Magazine, Wired, Omini, and Discover. The subject has also been covered on the Discovery Channel, Equinox TV in Britain, and the Japanese TV network NHK.
Notariety has provoked a number of awards, including: IEEE Information Theory Society Best Paper Award for 1979, IEEE Donald E. Fink award for 1981, the 1994 Pioneer Award, given by The Electronic Frontiers Foundation for contribution to the quality of life in cyberspace, the 1996 National Computer Systems Security Award given jointly by NIST and NSA, the 1997 Louis E. Levy Medal from the Franklin Institute in Philadelphia, the First ACM Paris Kanellakis Award for contribution to theory and practice in computer science, the IEEE Information Society Golden Jubilee Award for invention of the Diffie-Hellman key exchange protocol.
Not A Crypto Fault (Score:5, Informative)
The alleged benefit of the CBDTPA, Pd, etc. (Score:5, Informative)
Is there any way whatsoever in which this would help Joe User or Joe Hacker(not to be confused with Joe Cracker)?
The excuse given for the CBDTPA, which may apply to Pd as well, is that more authors would be willing to publish works in a digital restrictions management system than in a system that grants all fair use rights by default.
The big picture (Score:5, Informative)
It is well worth a read giving an insightful historical perspective and with translations to a number of other languages available.
Not all authors will switch to DRM (Score:4, Informative)
Optional as in you won't need it if you don't want to [use any new copyrighted works]
You assume that all authors would switch over to a digital restrictions management system. This may be true of the studios in the Motion Picture Association of America, but there remains a thriving community built around limited free sharing of copyrighted works, especially computer programs [opensource.org].
And if you claim that free software won't be allowed to boot on future computers, I don't find that substantiated. What I've read of the Palladium specification states that Palladium comes into play only when the system is booted with Palladium support turned on in the BIOS, and only for those processes that import palladium.dll. From Microsoft's marketing material [microsoft.com]: "A 'Palladium'-enhanced computer must continue to run any existing applications and device drivers." And the TCPA TPM FAQ (pdf [trustedcomputing.org]) states that "The trust model the TCPA promotes for the PC is: the owner runs whatever OS or applications they want".
The key is not the point (Score:5, Informative)
The point actually is that any theoretical construct like a cryptographic scheme or a TCP protocol needs practical implementation in code. And this is where the bugs creep in. And with things like Microsoft, those bugs are as common as snow in Greenland. And so all these hackers/crackers out there working their fingers on their keyboards and peering into bright screens into the fading night can 'hack' Palladium.
Microsoft has taken on itself to make errors wherever possible and remain as human as any one of us. Trust them to repeat their humanity and come up with enough holes in their Palladium implementation to let most hacks through.
_Correction_ (Score:5, Informative)
I suppose the NSA stopping all development on SE Linux is the reason that they just posted updates one week ago [nsa.gov] to SE Linux, as well as in January 2003, December 2002, and October 2002, all of which took place after this article reported them dropping the project (August 2002).
Not to flame, but just check your sources first next time
Re:It's called "Boiling the frog" (Score:3, Informative)
For example, one reason that the Supreme Court gave for not striking down the latest Mickey Mouse copyright extension act (in Eldred v. Ashcroft) was that it had not struck down other previous copyright extensions. Give an inch and they take a mile.
Re:Cryptographers Find Fault With Palladium (Score:2, Informative)
And I do hope that your transition over to Linux goes well for you and your business. Best of luck.
there was a thread.. (Score:3, Informative)
here [fark.com].
just a not-so geeky viewpoint there.